[Zope] Help with session data and redirects
Brad Powell
Brad.Powell@conocophillips.com
Tue, 15 Apr 2003 14:45:48 -0500
This is a multipart message in MIME format.
------=_NextPartTM-000-836deb6f-e52a-4450-8f5e-5432965ab577
Content-Type: multipart/alternative;
boundary="=_alternative 006C8F5E86256D09_="
--=_alternative 006C8F5E86256D09_=
Content-Type: text/plain; charset="us-ascii"
I believe your hypothesis is exactly right, Chris. I did wget going
direct to Zope on port 8080, and I also did wget going through PCGI. Both
show the two http requests (and response headers): the first one to
sessionCreateAndRedirect and the second one to view_session_obj.pt. Going
direct to port 8080 reveals a "Set-Cookie: _ZopeId=..." header being sent
only in the first http response; whereas the PCGI route shows the
"Set-Cookie:_ZopeId=..." header being sent only in the second response.
Also, I tried your workaround, and it works, further confirming the
hypothesis.
Where do I go from here as far as getting this "bug" fixed?
Brad
Chris McDonough <chrism@zope.com>
04/15/2003 12:24 PM
To: Chris McDonough <chrism@zope.com>
cc: Brad Powell/PPCO@Phillips, zope@zope.org
Subject: Re: [Zope] Help with session data and redirects
FWIW, a workaround for this issue that I just thought of is to put the a
session key in the redirect URL of createSessionAndRedirect:
session = context.REQUEST.SESSION
sessionObjName = 'redirectTest'
session.set(sessionObjName, sessionText)
url = context['view_session_obj.pt'].absolute_url()
dummy = context.ZopeTime().timeTime()
browserid = session.getContainerKey()
return context.REQUEST.RESPONSE.redirect(
'%s?dummy=%s&_ZopeId=%s' % (url, dummy, browser_id)
)
The cookie still won't be set under your configuration, but the session
machinery exercised by the target of the redirect should always find the
browser id in the form namespace instead.
- C
On Tue, 2003-04-15 at 13:06, Chris McDonough wrote:
> That makes me suspect that something about PCGI or IIS is not passing
> along the session's set-cookie header to the browser in the initial
> redirect response. You may want to use something like (under UNIX or
> Cygwin):
>
> wget -S
> http://your.servers.pcgi.hostname/createSessionAndRedirect?sessionText=foo
>
> This will print the headers of the response (you may want to do this in
> a temp directory, it also saves the files). If you don't see a
> set-cookie header, something is stripping it out.
>
> It works the "second time around" because the set-cookie header is sent
> in the response that contains the rendered view_session_obj.pt script
> (as a result of accessing REQUEST.SESSION in that script). Thereafter,
> the browser sends a cookie header along with every request.
>
> So if you can verify this, the bug becomes "set-cookie headers are not
> passed along to browsers when PCGI and/or IIS is used and the response
> also contains a redirect header". Not that I know how to solve this,
> but at least we could have a hypothesis. ;-)
>
> - C
>
> On Tue, 2003-04-15 at 12:36, Brad Powell wrote:
> > Zope 2.6.1 running under IIS on a Windows 2000 Server, with PCGI.
> > Client browser is IE v5.50.4522.1800 running on Windows 2000
Professional.
> > Also tried with Mozilla 1.0 under Debian.
> >
> > Gathering this info for you made me think about the PCGI interface,
and I
> > discovered something interesting. The redirect works great when I'm
going
> > direct to Zope port 8080 (not using PCGI). It manifests the initial
> > request problem when using the PCGI interface. In fact, that's why
> > Konqueror worked. I was going direct to port 8080 when I was trying
> > Konqueror.
> >
> > Brad
> >
> >
> >
> >
> >
> > Chris McDonough <chrism@zope.com>
> > 04/15/2003 11:12 AM
> >
> > To: Brad Powell/PPCO@Phillips
> > cc: zope@zope.org
> > Subject: Re: [Zope] Help with session data and
redirects
> >
> >
> > I'm afraid I can't reproduce this behavior. Which
> > browser(s)/platform(s) does it occur under?
> >
> > On Tue, 2003-04-15 at 12:06, Brad Powell wrote:
> > > Thanks, Chris, for the quick reply. I tried both of your
suggestions:
> > the
> > > random query string and the setHeader statements in the ZPT. They
both
> > > improved the situation in that requests after the initial one are
now
> > > returned properly. However, the very first request still returns
the
> > "Problem: no session object (redirectTest)" message. By the way,
instead
> > of a response.redirect, if I return the page
> > > template directly in the script with a statement like "return
> > > container['view_session_obj.pt']()", it works perfectly.
Unfortunately,
> > I
> > > need the redirect because of the way my actual page template works.
> > >
> > > Brad
> > >
> > >
> > >
> > >
> > >
> > > Chris McDonough <chrism@zope.com>
> > > 04/15/2003 10:18 AM
> > >
> > > To: Brad Powell/PPCO@Phillips
> > > cc: zope@zope.org
> > > Subject: Re: [Zope] Help with session data and
redirects
> > >
> > >
> > > Under Mozilla 1.3 on Linux, when running your test (e.g. when
visiting
> > > /createSessionAndRedirect?sessionText=456), I immediately get:
> > >
> > > ## Page Template "view_session_obj.pt" ##
> > >
> > > 456
> > >
> > > Like you, I suspect this may be a browser issue.
> > >
> > > To verify, cause the createSessionAndRedirect to generate a "random"
> > > query string like this:
> > >
> > > session = context.REQUEST.SESSION
> > > sessionObjName = 'redirectTest'
> > > session.set(sessionObjName, sessionText)
> > > return
> > >
> >
context.REQUEST.RESPONSE.redirect(context["view_session_obj.pt"].absolute_url()
> >
> > > + '?abc=%s' % context.ZopeTime().timeTime())
> > >
> > > This should prevent browsers from returning a cached page. A more
> > > permanent solution would be to set a Pragma: No-Cache or
Cache-Control:
> > > No-Cache HTTP header within "view_session_obj.pt".
> > >
> > > - C
> > >
> > >
> > > On Tue, 2003-04-15 at 10:58, Brad Powell wrote:
> > > > I have a problem where session data does not appear to be updated
when
> >
> > > the
> > > > setting of the session data is followed by a response.redirect in
a
> > > Python
> > > > script. A browser refresh is required to get the correct data
> > > displayed.
> > > > This happens on both Zope v2.5.1 and v2.6.1. It also happens with
IE
> > > and
> > > > Mozilla browsers; but, interestingly, it does not occur with the
> > > Konqueror
> > > > browser. This led me to believe it was a browser issue, but no
matter
> >
> > > > what options I try in IE, I cannot get it to work. I thought it
might
> >
> > > be
> > > > an issue with the browser cache settings, but, again, no matter
what I
> >
> > > try
> > > > I get the same result.
> > > >
> > > > I've included a test script and page template that demonstrates
this
> > > > problem. When I go to url
"sessionCreateAndRedirect?sessionText=123",
> > I
> > > > get the message, "Problem: no session object (redirectTest)." If
I
> > then
> > >
> > > > refresh the browser, I get "123" displayed, which is the correct
> > > response.
> > > > Subsequent calls to the url with different values for sessionText
> > > returns
> > > > the previous session value, until I do a browser refresh.
> > > >
> > > > Any assistance, guidance, wisdom, etc. on this matter would be
greatly
> >
> > > > appreciated.
> > > >
> > > >
> > > > ## Script (Python) "sessionCreateAndRedirect"
> > > > ##parameters=sessionText
> > > > ##
> > > > session = context.REQUEST.SESSION
> > > > sessionObjName = 'redirectTest'
> > > > session.set(sessionObjName, sessionText)
> > > > return
> > > >
> > >
> >
context.REQUEST.RESPONSE.redirect(context["view_session_obj.pt"].absolute_url())
> > > >
> > > > ## Page Template "view_session_obj.pt"
> > > > ##
> > > > <html>
> > > > <head>
> > > > <title tal:content="template/title">The title</title>
> > > > </head>
> > > > <body>
> > > > <tal:block define="global sesObj request/SESSION/redirectTest
|
> > > > nothing"></tal:block>
> > > > <p tal:condition="not:sesObj">Problem: no session object
> > > > (redirectTest).</p>
> > > > <p tal:condition="sesObj" tal:content="sesObj">session obj
> > > > contents</p>
> > > > </body>
> > > > </html>
> > > >
> > > >
> > > > Brad
> > >
> > >
> > >
> > >
> >
> >
> >
> >
>
>
>
> _______________________________________________
> Zope maillist - Zope@zope.org
> http://mail.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope-dev )
--=_alternative 006C8F5E86256D09_=
Content-Type: text/html; charset="us-ascii"
<br><font size=2 face="sans-serif">I believe your hypothesis is exactly right, Chris. I did wget going direct to Zope on port 8080, and I also did wget going through PCGI. Both show the two http requests (and response headers): the first one to sessionCreateAndRedirect and the second one to view_session_obj.pt. Going direct to port 8080 reveals a "Set-Cookie: _ZopeId=..." header being sent only in the first http response; whereas the PCGI route shows the "Set-Cookie:_ZopeId=..." header being sent only in the second response.</font>
<br>
<br><font size=2 face="sans-serif">Also, I tried your workaround, and it works, further confirming the hypothesis.</font>
<br>
<br><font size=2 face="sans-serif">Where do I go from here as far as getting this "bug" fixed?</font>
<br>
<br><font size=2 face="sans-serif">Brad</font>
<br>
<br>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td>
<td><font size=1 face="sans-serif"><b>Chris McDonough <chrism@zope.com></b></font>
<p><font size=1 face="sans-serif">04/15/2003 12:24 PM</font>
<br>
<br><font size=1 face="sans-serif"> To: Chris McDonough <chrism@zope.com></font>
<br><font size=1 face="sans-serif"> cc: Brad Powell/PPCO@Phillips, zope@zope.org</font>
<br><font size=1 face="sans-serif"> Subject: Re: [Zope] Help with session data and redirects</font></table>
<br>
<br>
<br><font size=2 face="Courier New">FWIW, a workaround for this issue that I just thought of is to put the a<br>
session key in the redirect URL of createSessionAndRedirect:<br>
<br>
session = context.REQUEST.SESSION<br>
sessionObjName = 'redirectTest'<br>
session.set(sessionObjName, sessionText)<br>
url = context['view_session_obj.pt'].absolute_url()<br>
dummy = context.ZopeTime().timeTime()<br>
browserid = session.getContainerKey()<br>
return context.REQUEST.RESPONSE.redirect(<br>
'%s?dummy=%s&_ZopeId=%s' % (url, dummy, browser_id)<br>
)<br>
<br>
The cookie still won't be set under your configuration, but the session<br>
machinery exercised by the target of the redirect should always find the<br>
browser id in the form namespace instead.<br>
<br>
- C<br>
<br>
On Tue, 2003-04-15 at 13:06, Chris McDonough wrote:<br>
> That makes me suspect that something about PCGI or IIS is not passing<br>
> along the session's set-cookie header to the browser in the initial<br>
> redirect response. You may want to use something like (under UNIX or<br>
> Cygwin):<br>
> <br>
> wget -S<br>
> http://your.servers.pcgi.hostname/createSessionAndRedirect?sessionText=foo<br>
> <br>
> This will print the headers of the response (you may want to do this in<br>
> a temp directory, it also saves the files). If you don't see a<br>
> set-cookie header, something is stripping it out.<br>
> <br>
> It works the "second time around" because the set-cookie header is sent<br>
> in the response that contains the rendered view_session_obj.pt script<br>
> (as a result of accessing REQUEST.SESSION in that script). Thereafter,<br>
> the browser sends a cookie header along with every request.<br>
> <br>
> So if you can verify this, the bug becomes "set-cookie headers are not<br>
> passed along to browsers when PCGI and/or IIS is used and the response<br>
> also contains a redirect header". Not that I know how to solve this,<br>
> but at least we could have a hypothesis. ;-)<br>
> <br>
> - C<br>
> <br>
> On Tue, 2003-04-15 at 12:36, Brad Powell wrote:<br>
> > Zope 2.6.1 running under IIS on a Windows 2000 Server, with PCGI.<br>
> > Client browser is IE v5.50.4522.1800 running on Windows 2000 Professional. <br>
> > Also tried with Mozilla 1.0 under Debian.<br>
> > <br>
> > Gathering this info for you made me think about the PCGI interface, and I <br>
> > discovered something interesting. The redirect works great when I'm going <br>
> > direct to Zope port 8080 (not using PCGI). It manifests the initial <br>
> > request problem when using the PCGI interface. In fact, that's why <br>
> > Konqueror worked. I was going direct to port 8080 when I was trying <br>
> > Konqueror.<br>
> > <br>
> > Brad<br>
> > <br>
> > <br>
> > <br>
> > <br>
> > <br>
> > Chris McDonough <chrism@zope.com><br>
> > 04/15/2003 11:12 AM<br>
> > <br>
> > To: Brad Powell/PPCO@Phillips<br>
> > cc: zope@zope.org<br>
> > Subject: Re: [Zope] Help with session data and redirects<br>
> > <br>
> > <br>
> > I'm afraid I can't reproduce this behavior. Which<br>
> > browser(s)/platform(s) does it occur under?<br>
> > <br>
> > On Tue, 2003-04-15 at 12:06, Brad Powell wrote:<br>
> > > Thanks, Chris, for the quick reply. I tried both of your suggestions: <br>
> > the <br>
> > > random query string and the setHeader statements in the ZPT. They both <br>
> > > improved the situation in that requests after the initial one are now <br>
> > > returned properly. However, the very first request still returns the <br>
> > "Problem: no session object (redirectTest)" message. By the way, instead <br>
> > of a response.redirect, if I return the page <br>
> > > template directly in the script with a statement like "return <br>
> > > container['view_session_obj.pt']()", it works perfectly. Unfortunately, <br>
> > I <br>
> > > need the redirect because of the way my actual page template works.<br>
> > > <br>
> > > Brad<br>
> > > <br>
> > > <br>
> > > <br>
> > > <br>
> > > <br>
> > > Chris McDonough <chrism@zope.com><br>
> > > 04/15/2003 10:18 AM<br>
> > > <br>
> > > To: Brad Powell/PPCO@Phillips<br>
> > > cc: zope@zope.org<br>
> > > Subject: Re: [Zope] Help with session data and redirects<br>
> > > <br>
> > > <br>
> > > Under Mozilla 1.3 on Linux, when running your test (e.g. when visiting<br>
> > > /createSessionAndRedirect?sessionText=456), I immediately get:<br>
> > > <br>
> > > ## Page Template "view_session_obj.pt" ##<br>
> > > <br>
> > > 456<br>
> > > <br>
> > > Like you, I suspect this may be a browser issue. <br>
> > > <br>
> > > To verify, cause the createSessionAndRedirect to generate a "random"<br>
> > > query string like this:<br>
> > > <br>
> > > session = context.REQUEST.SESSION<br>
> > > sessionObjName = 'redirectTest'<br>
> > > session.set(sessionObjName, sessionText)<br>
> > > return<br>
> > > <br>
> > context.REQUEST.RESPONSE.redirect(context["view_session_obj.pt"].absolute_url() <br>
> > <br>
> > > + '?abc=%s' % context.ZopeTime().timeTime())<br>
> > > <br>
> > > This should prevent browsers from returning a cached page. A more<br>
> > > permanent solution would be to set a Pragma: No-Cache or Cache-Control:<br>
> > > No-Cache HTTP header within "view_session_obj.pt".<br>
> > > <br>
> > > - C<br>
> > > <br>
> > > <br>
> > > On Tue, 2003-04-15 at 10:58, Brad Powell wrote:<br>
> > > > I have a problem where session data does not appear to be updated when <br>
> > <br>
> > > the <br>
> > > > setting of the session data is followed by a response.redirect in a </font>
<br><font size=2 face="Courier New">> > > Python <br>
> > > > script. A browser refresh is required to get the correct data <br>
> > > displayed. <br>
> > > > This happens on both Zope v2.5.1 and v2.6.1. It also happens with IE <br>
> > > and <br>
> > > > Mozilla browsers; but, interestingly, it does not occur with the <br>
> > > Konqueror <br>
> > > > browser. This led me to believe it was a browser issue, but no matter <br>
> > <br>
> > > > what options I try in IE, I cannot get it to work. I thought it might <br>
> > <br>
> > > be <br>
> > > > an issue with the browser cache settings, but, again, no matter what I <br>
> > <br>
> > > try <br>
> > > > I get the same result.<br>
> > > > <br>
> > > > I've included a test script and page template that demonstrates this <br>
> > > > problem. When I go to url "sessionCreateAndRedirect?sessionText=123", <br>
> > I <br>
> > > > get the message, "Problem: no session object (redirectTest)." If I <br>
> > then <br>
> > > <br>
> > > > refresh the browser, I get "123" displayed, which is the correct <br>
> > > response. <br>
> > > > Subsequent calls to the url with different values for sessionText <br>
> > > returns <br>
> > > > the previous session value, until I do a browser refresh.<br>
> > > > <br>
> > > > Any assistance, guidance, wisdom, etc. on this matter would be greatly <br>
> > <br>
> > > > appreciated.<br>
> > > > <br>
> > > > <br>
> > > > ## Script (Python) "sessionCreateAndRedirect"<br>
> > > > ##parameters=sessionText<br>
> > > > ##<br>
> > > > session = context.REQUEST.SESSION<br>
> > > > sessionObjName = 'redirectTest'<br>
> > > > session.set(sessionObjName, sessionText)<br>
> > > > return <br>
> > > > <br>
> > > <br>
> > context.REQUEST.RESPONSE.redirect(context["view_session_obj.pt"].absolute_url())<br>
> > > > <br>
> > > > ## Page Template "view_session_obj.pt"<br>
> > > > ##<br>
> > > > <html><br>
> > > > <head><br>
> > > > <title tal:content="template/title">The title</title><br>
> > > > </head><br>
> > > > <body><br>
> > > > <tal:block define="global sesObj request/SESSION/redirectTest | <br>
> > > > nothing"></tal:block><br>
> > > > <p tal:condition="not:sesObj">Problem: no session object <br>
> > > > (redirectTest).</p><br>
> > > > <p tal:condition="sesObj" tal:content="sesObj">session obj <br>
> > > > contents</p><br>
> > > > </body><br>
> > > > </html><br>
> > > > <br>
> > > > <br>
> > > > Brad<br>
> > > <br>
> > > <br>
> > > <br>
> > > <br>
> > <br>
> > <br>
> > <br>
> > <br>
> <br>
> <br>
> <br>
> _______________________________________________<br>
> Zope maillist - Zope@zope.org<br>
> http://mail.zope.org/mailman/listinfo/zope<br>
> ** No cross posts or HTML encoding! **<br>
> (Related lists - <br>
> http://mail.zope.org/mailman/listinfo/zope-announce<br>
> http://mail.zope.org/mailman/listinfo/zope-dev )<br>
<br>
<br>
</font>
<br>
<br>
--=_alternative 006C8F5E86256D09_=--
------=_NextPartTM-000-836deb6f-e52a-4450-8f5e-5432965ab577--